On Mon, Mar 05, 2018 at 08:43:48AM -0600, Doug Goldstein wrote: > On 3/2/18 5:29 AM, Jan Beulich wrote: > >>>> On 02.03.18 at 12:09, <wei.l...@citrix.com> wrote: > >> On Thu, Mar 01, 2018 at 05:01:55PM +0000, Roger Pau Monné wrote: > >>> On Thu, Mar 01, 2018 at 04:01:23PM +0000, Wei Liu wrote: > >>>> On Thu, Mar 01, 2018 at 03:57:18PM +0000, Andrew Cooper wrote: > >>>>> On 01/03/18 12:22, Wei Liu wrote: > >>>>>> On Wed, Feb 28, 2018 at 10:20:53AM +0000, Roger Pau Monne wrote: > >>>>>>> XSA-256 forces the local APIC to always be enabled for PVH guests, so > >>>>>>> ignore any apic option for PVH guests. Update the documentation > >>>>>>> accordingly. > >>>>>> I think how I will approach this is to dictate that PVH always has > >>>>>> LAPIC > >>>>>> in our in-tree document, then use that as the justification for this > >>>>>> change. That's the consensus from 2 years ago, right? > >>>>>> > >>>>>> Or we're just working around the limitation in our code base, and users > >>>>>> may demand a no-LAPIC PVH guest just because... > >>>>> > >>>>> Currently, Xen enforces that HVM guests have an LAPIC. This is because > >>>>> making the non-LAPIC case function correctly/safely devolved into a > >>>>> massive rats nest and I stopped trying to fix it after 2 days of trying. > >>>>> > >>>>> At the moment, it would be wise to discuss whether the non-LAPIC case is > >>>>> actually sensible. I personally see no value in keeping it. > >>>>> > >>>> > >>>> +1 > >>>> > >>>>> If someone can come up with a convincing usecase for keeping it, then > >>>>> ok, but the barrier for this is increasing all the time, especially now > >>>>> that hardware acceleration and posted interrupts means that a > >>>>> pipeline-virtualised APIC is faster and more efficient than any of our > >>>>> event channel mechanisms. > >>>> > >>>> +1 > >>> > >>> I've looked at the in-tree pvh document and it just refers to the local > >>> APIC in this sentence: > >>> > >>> "AP startup can be performed using hypercalls or the local APIC if > >>> present." > >>> > >>> I guess the trailing "if present" could be removed, but it's not > >>> colliding with this patch. > >>> > >>> I'm happy with rebasing this patch and applying the above change, is > >>> there any other document that should be changed? > >> > >> Can we make it more explicit. Like > >> > >> VCPUs for PVH must have local APIC and it can't be disabled. > >> > >> ? > > > > To be honest I liker Roger's suggestion better. And yet better > > would imo be if we left that sentence alone, unless we really mean > > to close that road for anyone wanting to take on making APIC- > > less guests work securely. > > > > Jan > > I believe that's exactly what Andrew proposed in > https://lists.xenproject.org/archives/html/xen-devel/2018-03/msg00089.html > removing the wording doesn't exclude someone from adding it later but it > does make it clear that its not available today.
I'm kind of lost regarding whether we reached consensus or not. Is the current patch suitable, or should I change some of the wording? Thanks, Roger. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
